ietf-mxcomp
[Top] [All Lists]

Re: In favour of Sender ID

2004-08-28 12:35:57

Roy Badami <roy(_at_)gnomon(_dot_)org(_dot_)uk> writes:

I support Sender ID also for the flexibility of the SPF record.  Many
people have criticised it for being over-flexible (and hence over
complex, and overly resource intensive) but I feel that this
flexibility is key.  Having a policy language that is expressive
enough to allow people to describe their existing policies will result
in far more buy in than requiring people to change their policies to
fit in with MARID.

I agree that people should not be required to change their policies
and working practices purely to fit in with MARID. However, I think
that the fight against phishing and identify forging could be greatly
helped if, as well as technical measures such as MARID, some
organisations (especially some of those most liable to have their
identity spoofed by phishers) were to make some changes to their
policies and working practices. In particular using third parties (eg
PR companies or advertising agencies) to send e-mail to customers (and
potential customers) makes it very much harder (before MARID or
equivalent authentication is introduced) to distinguish between
genuine emails and phishing attempts. Changing to only sending emails
from MTAs using MAIL FROM, EHLO and rDNS within their own domain would
not only help (those who know how to read headers) distinguish genuine
emails from phishing before MARID is introduced but could greatly
simplify the MARID DNS ecords which have to be published and checked.